Keeping GitHub OAuth Tokens Safe

While making your source code available in a public GitHub repository is awesome, it’s important to be sure you don’t accidentally commit your passwords, secrets, or anything else that other people shouldn’t know.

Starting today you can commit more confidently, knowing that we will email you if you push one of your OAuth Access Tokens to any public repository with a git push command. As an extra bonus, we’ll also revoke your token so it can’t be used to perform any unauthorized actions on your behalf.

For more tips on keeping your account secure, see “Keeping your SSH keys and application access tokens safe” in GitHub Help.

Have feedback on this post? Let @github know on Twitter.
Need help or found a bug? Contact us.

Changelog

Subscribe

Discover new ways to build better

Try Marketplace apps free for 14 days

Learn more